This invention relates generally to a method of securing against the theft of data or other service fraud by hiding the data within an electronic message or transmission and, more particularly, a method for securing against service fraud through an authorized multimedia transmission, such as Voice over Internet Protocol (VoIP) transmissions or Internet Protocol Television (IPTV).
Recently VoIP has been growing in popularity. VoIP provides many benefits including the capability for large conference sizes with the addition of a conference gateway, the capability for coordination among numbers of individuals, providing a single-cross organization, cross-boundary communications medium. VoIP is rapidly deployable and provides a single connection medium for voice, data, and video. Many companies and even the Federal government are adopting VoIP and moving to an IP network for converged communications.
However, VoIP has a significant security issue. Transmission channel access cannot be fully controlled or blocked to be fully operational, usable, and compatible with current telephony. Also, because everything is “data,” conventional detection (similar to virus and spyware detection programs) has major difficulties distinguishing between voice, video, or other data information found in the transmissions. Unlike already well-known virus and spyware, there are no clear distinguishing markers or signatures. Data and executables move without inspection through the VoIP media port in firewalls. Deep packet inspection of the transmission is generally impossible because the introduced delay would be unacceptable. Thus data, executables, spy programs, and/or Trojan horses, for example, can generally be smuggled in or out without inspection or possibility of inspection.
Currently, VoIP often provides an unchecked channel to the migration of computer data and executables. VoIP provides hackers, thieves, spies, and computer system terrorists with an unchecked, open channel to steal data, e.g., files and databases, plant executables with the means for unchecked distribution to other systems, and/or destroy computer system infrastructure. Governments and companies that have switched to VoIP for the significant benefits VoIP provides could find that a hacker, spy, or terrorist could have stolen valuable information or planted an executable that could damage or destroy computer systems.
Detection of hidden data in real-time within VoIP or other streaming media transmissions is difficult because inspections of the transmissions consume too much time and delay the transmission. A key requirement for an application that creates or processes streams of audio and/or video is that the delay be kept to a minimum, in order to recreate the real-time experience. Detecting hidden data in a media stream is even more difficult when the stream is encrypted.
There is a need for a way to secure against the smuggling of unauthorized transmission within an authorized multimedia transmission, such as VoIP call.